Disable Outbound email from specific cpanel account? One user?

USA_Webmaster

• December 15, 2021 15:41

While I wait for a response, I'm going to read over the How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation and see if I can get results here. I recently received a null route for UCEProtect Abuse because of heavy spamming. It looks like it's just the one account on WHM. How do I completely disable email for only that account without deleting the entire account? It's a large account with gigs of data and I'm sure they still need access to it. Perhaps I can limit outbound email to one specific account to patch solve this until it's fixed? I've gone into the cPanel account, and deleted all the email accounts, BUT, there is still that single email account... what does deleting the entire MAIL folder do? Could that disable email?

• 

  ffeingol

  • December 15, 2021 21:42

  I'm assuming that the account that is left is the user-id of that cPanel account? If so, there is not much you can do. Otherwise, in cPanel, you can click manage to the right of email and look at the restrictions section you can do various things to disable mail.

  0
• 

  USA_Webmaster

  • December 16, 2021 15:11

  So as far as you know, or understand cPanel, there is no way to "disable" email for a single cPanel account from inside WHM or perhaps using SSH at root? It just seems like such a trivial thing, I can't believe this might not be possible... for paid software with over a decade of development.. mind-boggling.

  0
• 

  quietFinn

  • December 16, 2021 15:56

  If a cPanel account in our server is sending spam the 1st thing to do is to check if it's: 1 - sent from outside of the server, i.e. AUTH RELAY or 2 - sent locally, i.e. LOCAL RELAY If it's 1 I check what email account the spammers are using, and then I change password for that email account, and inform the owner of the account. if it's 2 I try to find out what script is used to send the emails. Sometimes it's just a vulnerable contact form, but sometimes it means that the account is hacked, and in that case I would suspend the account.

  0
• 

  USA_Webmaster

  • March 11, 2022 16:11

  If a cPanel account in our server is sending spam the 1st thing to do is to check if it's: 1 - sent from outside of the server, i.e. AUTH RELAY or 2 - sent locally, i.e. LOCAL RELAY If it's 1 I check what email account the spammers are using, and then I change password for that email account, and inform the owner of the account. if it's 2 I try to find out what script is used to send the emails. Sometimes it's just a vulnerable contact form, but sometimes it means that the account is hacked, and in that case I would suspend the account.

  
  What if they don't want to fix the suspended account? The paid account just sits there until they fix it? Do you normally restore a backup for free from a few days back? Or just cross-sell them on malware removal? What is #3 step... you are very smart. I like this response. TY!

  0
• 

  quietFinn

  • March 11, 2022 16:30

  It is possible to prevent a cPanel account from sending emails:

  0

Please sign in to leave a comment.